61 matches found
CVE-2023-31416
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
CVE-2023-31416
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
Code injection
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
CVE-2023-31416 Elastic Cloud on Kubernetes (ECK) secret token configuration issue
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
CVE-2023-31416 Elastic Cloud on Kubernetes (ECK) secret token configuration issue
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
CVE-2023-31416
The CVE-2023-31416 issue affects Elastic Cloud on Kubernetes (ECK) before 2.8 when used with APM Server 8.0 or later. The root cause is that the secret token configuration is not applied, which could allow anonymous requests to be accepted and lead to data ingestion into the APM deployment. Affec...
CVE-2023-31421
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to...
CVE-2023-31421
CVE-2023-31421 affects Beats, Elastic Agent, APM Server, and Fleet Server when acting as TLS clients: if configured to connect to an IP address, the client does not validate the server certificate’s IP SAN against that IP, though certificate signature validation runs. This can allow a connection ...
CVE-2023-31421 Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to...
Elasticsearch Security Vulnerabilities
Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from the fact that Beats, Elastic Agent, APM Server, Fleet Server, when used as a TLS client, does not verify that the server certificate is valid for the target IP address...
Beats, Elastic Agent, APM Server, and Fleet Server 8.10.1 Security Update - Improper Certificate Validation issue (ESA-2023-16)
Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue ESA-2023-16 It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,...
Security Bulletin: Multiple vulnerabilities in libthrift affect IBM Application Performance Management products
Summary libthrift jar is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2018-1320 DESCRIPTION: Apache Thrift could allow a remote attacker to bypass security restrictions, caused by the disablement of an assert used to determine if the SASL handshake had...
GO-2022-0706 Information disclosure in go.elastic.co/apm
Sensitive HTTP headers may not be properly sanitized before being sent to the APM server if the program panics...
Insertion of Sensitive Information into Log File
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it...
Security Bulletin: Multiple vulnerabilities affect the IBM Performance Management product
Summary Multiple vulnerabilities affect the IBM Performance Management product. Vulnerability Details CVEID: CVE-2020-4726 DESCRIPTION: The IBM Application Performance Monitoring UI allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS...
Dsiem - Security Event Correlation Engine For ELK Stack
Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, perform lookup/query to threat intelligence and vulnerability information sources, and...
Elastic Stack 7.5.0 security update
Metricbeat and Filebeat DSA public key panic ESA-2019-15 A denial of service flaw when parsing malformed DSA public keys was discovered in Go, the language used to implement Beats. If Metricbeat or Filebeat are configured to accept incoming TLS connections with client authentication enabled, a...
Security Bulletin: IBM Application Performance Management could allow a remote attacker to hijack the clicking action of the victim (CVE-2019-4086)
Summary IBM Application Performance Management could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attac...
Man-in-the-Middle (MitM)
elastic-apm is vulnerable to man-in-the-middle MitM attacks. When specifying a trusted server CA certificate via the servercacert setting, a TLS certificate validation error causes improper verification of the certificate returned by the APM server. This allows an attacker to perform...
CVE-2019-7615
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'servercacert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the...